WhatsApp users targets of a phishing attack

Popular messaging app WhatsApp users are being targeted by phishing attacks, security researchers from Comodo have confirmed late last week.

According to the security firm, cybercriminals are targeting WhatsApp users, sending them fake emails in which they represent information as official WhatsApp content.

The goal is to spread malware as soon as the message is clicked on.

"The emails are being sent from a rogue email address, disguised with an umbrella branding “WhatsApp,” the company said in a blog post.

By simply looking at the FROM email address, it is easily seen that the message has nothing to do with WhatsApp.

The company says cybercriminals are using a couple of subject lines to phish for victims:

  • You have obtained a voice notification xgod
  • An audio memo was missed. Ydkpda
  • A brief audio recording has been delivered! Jsvk
  • A short vocal recording was obtained npulf
  • A sound announcement has been received sqdw
  • You have a video announcement. Eom
  • A brief video note got delivered. Atjvqw
  • You’ve recently got a vocal message. Yop

Each message ends with a random set of characters, most likely left to encode data or identify recipients.

Comodo says cybercriminals are spreading a variant of Nivdort through a compressed .zip file.

“The malware usually replicates itself into different system folders, adding itself into an auto-run in the computer’s registry,” the company said.

“Cybercriminals are becoming more and more like marketers – trying to use creative subject lines to have unsuspecting emails be clicked and opened to spread malware,” said Fatih Orhan, Director of Technology for Comodo and the Comodo Antispam Labs.